Johan Cwiklinski

24 exploits. Active since Mar 2019.
CVE-2020-11060 (HIGH, writeup)
GLPI < 9.4.6 - Authenticated Remote Code Execution via Backup Functionality
In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account having Maintenance privileges and the right to add WIFI networks. This is fixed in version 9.4.6.
CVSS 7.4
CVE-2021-21319 (MEDIUM, writeup)
Galette < 0.9.5 - Stored Cross-Site Scripting in Self Subscription Page
Galette is a membership management web application geared towards non-profit organizations. In versions prior to 0.9.5, malicious JavaScript code can be stored and displayed later on the self-subscription page. The self-subscription feature can be disabled as a workaround (this is the default state). Malicious JavaScript code can also be executed (not stored) on the login and retrieve-password pages. This issue is patched in version 0.9.5.
CVSS 6.8
CVE-2020-5248 (HIGH, writeup)
GLPI < 9.4.6 - Use of Hard-coded Credentials via Default GLPIKEY
GLPI before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI, but on existing instances the data must be re-encrypted with the new key. The problem is that we cannot know which columns or rows in the database are using that key, especially from plugins. Changing the key without updating the data would result in bad passwords being sent from GLPI, but storing them again from the UI will work.
CVSS 7.2
CVE-2022-31061 (CRITICAL, writeup)
GLPI 9.3.0-9.5.7 - Unauthenticated SQL Injection via Login Page
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability on the login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
CVSS 9.8
CVE-2019-10232 (CRITICAL, writeup)
Teclib GLPI < 9.3.3 - SQL Injection via Cycle Parameter
Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php.
CVSS 9.8
CVE-2019-13240 (MEDIUM, writeup)
GLPI < 9.4.1 - Weak Password Recovery Mechanism for Forgotten Password
An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is possible to change that user's password again during the next 24 hours without any information except the associated email address.
CVSS 5.9
CVE-2020-11031 (HIGH, writeup)
GLPI < 9.5.0 - Use of a Broken or Risky Cryptographic Algorithm
In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the encrypted data relies on the password used; if a user sets a weak or predictable password, an attacker could decrypt the data. This is fixed in version 9.5.0 by using a more secure encryption library. The library chosen is sodium.
CVSS 7.8
CVE-2020-11062 (MEDIUM, writeup)
GLPI 0.68.1-9.4.6 - Reflected Cross-Site Scripting via Dropdown Endpoints
In GLPI after 0.68.1 and before 9.4.6, multiple reflected XSS issues occur in Dropdown endpoints due to an invalid Content-Type. This has been fixed in version 9.4.6.
CVSS 6.0
CVE-2020-15108 (HIGH, writeup)
glpi < 9.5.1 - SQL Injection via Clone Feature
In glpi before 9.5.1, there is a SQL injection for all usages of "Clone" feature. This has been fixed in 9.5.1.
CVSS 7.1
CVE-2020-15176 (HIGH, writeup)
GLPI < 9.5.2 - SQL Injection via Backtick Input
In GLPI before version 9.5.2, when a backtick is supplied in input that gets put into a SQL query, the application does not escape or sanitize it, allowing SQL injection to occur. Leveraging this vulnerability, an attacker is able to exfiltrate sensitive information like passwords, reset tokens, personal details, and more. The issue is patched in version 9.5.2.
CVSS 8.7
CVE-2021-21258 (MEDIUM, writeup)
GLPI 9.5.0-9.5.4 - Cross-Site Scripting via ajax/kanban.php
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI from version 9.5.0 and before version 9.5.4, there is a cross-site scripting injection vulnerability when using ajax/kanban.php. This is fixed in version 9.5.4.
CVSS 6.8
CVE-2021-41260 (HIGH, writeup)
Galette < 0.9.6 - Cross-Site Request Forgery
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross Site Request Forgery attacks. All users are advised to upgrade to 0.9.6 as soon as possible. There are no known workarounds for this issue.
CVSS 8.2
CVE-2021-41261 (HIGH, writeup)
Galette < 0.9.6 - Authenticated Stored Cross-Site Scripting via Preferences Footer
Galette is a membership management web application built for non-profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross-site scripting attacks via the preferences footer. The preferences footer can only be altered by a site admin. This issue has been resolved in the 0.9.6 release and all users are advised to upgrade. There are no known workarounds.
CVSS 8.1
CVE-2021-41262 (HIGH, writeup)
Galette < 0.9.6 - Authenticated SQL Injection
Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to SQL injection attacks by users with "member" privilege. Users are advised to upgrade to version 0.9.6 as soon as possible. There are no known workarounds.
CVSS 8.8
CVE-2022-24867 (HIGH, writeup)
GLPI < 10.0.0 - Unauthenticated LDAP Password Exposure via JavaScript Config
GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. When the config is passed to the JavaScript, some entries are filtered out. The variable ldap_pass is not filtered, so the password for the root DN can be seen in the source code of the rendered page. Users are advised to upgrade. There is no known workaround for this issue.
CVSS 7.5
CVE-2023-46727 (HIGH, writeup)
GLPI 10.0.0-10.0.10 - SQL Injection via Inventory Endpoint
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native inventory.
CVSS 8.6
CVE-2024-24761 (HIGH, writeup)
Galette 1.0.0-1.0.1 - Incorrect Authorization
Galette is a membership management web application for non-profit organizations. Starting in version 1.0.0 and prior to version 1.0.2, public pages are by default restricted to only administrators and staff members. From the configuration, it is possible to restrict them to up-to-date members or to open them to everyone. Version 1.0.2 fixes this issue.
CVSS 7.5
CVE-2024-27096 (HIGH, writeup)
GLPI 0.65-10.0.12 - Authenticated SQL Injection via Search Engine
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in version 10.0.13.
CVSS 7.7
CVE-2024-27098 (MEDIUM, writeup)
GLPI 9.5.0-10.0.12 - Authenticated Server-Side Request Forgery via Arbitrary Object Instantiation
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute an SSRF-based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13.
CVSS 6.4
CVE-2024-31456 (HIGH, writeup)
GLPI 9.3.0-10.0.14 - Authenticated SQL Injection via Map Search
GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15.
CVSS 7.7
CVE-2025-27147 (HIGH, writeup)
GLPI Inventory Plugin < 1.5.0 - Privilege Escalation
The GLPI Inventory Plugin handles various types of tasks for GLPI agents, including network discovery and inventory (SNMP), software deployment, VMware ESX host remote inventory, and data collection (files, Windows registry, WMI). Versions prior to 1.5.0 have an improper access control vulnerability. Version 1.5.0 fixes the vulnerability.
CVSS 8.2
CVE-2025-27514 (MEDIUM, writeup)
GLPI 9.5.0-10.0.18 - Stored Cross-Site Scripting in Project Kanban
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 9.5.0 through 10.0.18, a technician can use a malicious payload to trigger a stored XSS on the project's kanban. This is fixed in version 10.0.19.
CVSS 4.5